Description

While creating dynamiac web pages it's easy to make a mistake. If a generated page depends on entered data (e.g.
URI, HTTP headers etc.) and these data are not filtered enough, it is possible that it can be exploited using
XSS technique.

Risk Factors

TBD

Examples

Example 1

Let's assume that we have an error page, which is handling requests for a non existing pages. Classic 404 error
page. We may use the code below as an example to inform user about what specific page is missing: